REST API Project

The REST API project is a secure, role-based application that manages various administrative and student-related data. It offers RESTful endpoints that allow both administrative users and regular students to interact with the system based on their roles.

Key Features:

  1. Entities and Their Relationships:

  • Students: Represented students with fields like name, ID, and relationships to clubs and peer tutors.

  • Courses: Managed academic courses with fields such as course code, title, and semester details.

  • Clubs: Differentiated between academic and non-academic clubs using discriminator values.

  • Memberships: Linked students to clubs using ClubMembership.

  • Peer Tutors: Represented students tutoring specific courses, with registrations captured in PeerTutorRegistration.

  2. REST API Endpoints:

  • Implemented CRUD operations for managing:

      • Students

      • Courses

      • Clubs (Academic and Non-Academic)

      • Peer Tutors

      • Memberships

Provided Code:

The initial codebase for the REST API project was provided as part of a college assignment, including partially implemented entities, configurations, and security mechanisms. Our team was tasked with completing the key TODO items needed to finalize the application. This involved implementing business logic, such as integrating the authentication mechanism with the database, mapping relationships between entities (e.g., SecurityUser and Student), and enforcing role-based access control through Java EE security annotations.

Although a significant portion of the code was pre-provided, it gave us the chance to work with advanced features and solidified our understanding of concepts that are essential for building enterprise applications.

  3. Security Implementation:

  • Utilized @RolesAllowed annotations to secure endpoints.

  • Designed SecurityRole and USER_HAS_ROLE tables for managing user roles.

  • Access controls were enforced using role-based security:

    ADMIN_ROLE had full access, including creating, updating, and deleting entities.

    USER_ROLE had restricted access, such as viewing their own data or specific records.

  • Authentication: Custom authentication mechanism using HTTP Basic Auth, with passwords stored as salted PBKDF2 hashes rather than in cleartext. Basic Auth only Base64-encodes the credentials on every request, so the endpoints must be served over TLS.

  4. Additional Features:

  • Lazy Loading: Associations are loaded lazily, so a query does not pull in related rows it never uses; the queries that do need the associated entities use JOIN FETCH to load them in the same SELECT instead of on first access.
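How the club discriminator from the entity list and the JOIN FETCH query fit together, as an added example rather than the assignment's provided code. Table and column names, the `ACADEMIC` discriminator column with values 1 and 0, and the field names are assumptions; only the entity names and the use of a discriminator come from the project description. Package names are `javax.persistence`; on Jakarta EE 9 or later they become `jakarta.persistence`.

```java
import java.util.ArrayList;
import java.util.List;
import javax.persistence.DiscriminatorColumn;
import javax.persistence.DiscriminatorType;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Inheritance;
import javax.persistence.InheritanceType;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.TypedQuery;

/** One CLUB table; the assumed ACADEMIC column holds the discriminator (1 = academic, 0 = not). */
@Entity
@Table(name = "CLUB")
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
@DiscriminatorColumn(name = "ACADEMIC", discriminatorType = DiscriminatorType.INTEGER)
abstract class Club {
    @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
    protected int id;
    protected String name;
    @OneToMany(mappedBy = "club", fetch = FetchType.LAZY)
    protected List<ClubMembership> memberships = new ArrayList<>();
    public int getId() { return id; }
    public String getName() { return name; }
}

@Entity @DiscriminatorValue("1")
class AcademicClub extends Club { }

@Entity @DiscriminatorValue("0")
class NonAcademicClub extends Club { }

@Entity
@Table(name = "STUDENT")
class Student {
    @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
    private int id;
    private String firstName;
    private String lastName;
    // LAZY: the membership rows are not read until getMemberships() is first touched
    @OneToMany(mappedBy = "student", fetch = FetchType.LAZY)
    private List<ClubMembership> memberships = new ArrayList<>();
    public int getId() { return id; }
    public List<ClubMembership> getMemberships() { return memberships; }
}

/** Join entity linking a Student to a Club. */
@Entity
@Table(name = "CLUB_MEMBERSHIP")
class ClubMembership {
    @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
    private int id;
    @ManyToOne(fetch = FetchType.LAZY) @JoinColumn(name = "STUDENT_ID")
    private Student student;
    @ManyToOne(fetch = FetchType.LAZY) @JoinColumn(name = "CLUB_ID")
    private Club club;
    public Club getClub() { return club; }
}

class StudentRepository {
    private final EntityManager em;
    StudentRepository(EntityManager em) { this.em = em; }

    /** Plain lookup: memberships stay unloaded. Touching them after the persistence context
     *  closes (e.g. during JSON serialisation in the resource layer) fails with a lazy
     *  initialisation error; touching them inside it costs one extra SELECT per student. */
    Student findById(int id) {
        return em.find(Student.class, id);
    }

    /** JOIN FETCH loads the student, its memberships and each membership's club in one
     *  SELECT, so the detached entity is safe to serialise. DISTINCT collapses the row
     *  duplication that the collection join produces. */
    Student findWithMemberships(int id) {
        TypedQuery<Student> q = em.createQuery(
            "SELECT DISTINCT s FROM Student s "
          + "LEFT JOIN FETCH s.memberships m "
          + "LEFT JOIN FETCH m.club "
          + "WHERE s.id = :id", Student.class);
        q.setParameter("id", id);
        return q.getResultStream().findFirst().orElse(null);
    }
}
```

Both repository methods take an `EntityManager` from the application's persistence unit; the id is bound as a named parameter rather than concatenated into the JPQL string, which is the habit that keeps these queries free of injection.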